diff options
| author | Andrew Tridgell <tridge@samba.org> | 2005-06-26 00:12:44 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:18:48 -0500 |
| commit | 8c53aba485e7986baacf91b2c99ef7999142aee4 (patch) | |
| tree | b615503de3ef8a222ba95d5dd8a591d71cf7653f /source4/lib/tls/tls.c | |
| parent | b3e493470f3465cfe5cfa958b019ac8cfb8f12f2 (diff) | |
| download | samba-8c53aba485e7986baacf91b2c99ef7999142aee4.tar.gz samba-8c53aba485e7986baacf91b2c99ef7999142aee4.tar.bz2 samba-8c53aba485e7986baacf91b2c99ef7999142aee4.zip | |
r7912: make private_path() recognise a non-relative filename, so we can have
sam database = sam.ldb
and it will know to put it in the private dir, but if you use
sam database = ldap://server
it knows to use it as-is
(This used to be commit c5bccbc366db144d3e1cb7b21f0e3284d841dd06)
Diffstat (limited to 'source4/lib/tls/tls.c')
| -rw-r--r-- | source4/lib/tls/tls.c | 28 |
1 files changed, 21 insertions, 7 deletions
diff --git a/source4/lib/tls/tls.c b/source4/lib/tls/tls.c index f89e2f1028..12087639c1 100644 --- a/source4/lib/tls/tls.c +++ b/source4/lib/tls/tls.c @@ -309,17 +309,22 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx) { struct tls_params *params; int ret; - const char *keyfile = lp_tls_keyfile(); - const char *certfile = lp_tls_certfile(); - const char *cafile = lp_tls_cafile(); - const char *crlfile = lp_tls_crlfile(); + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + const char *keyfile = private_path(tmp_ctx, lp_tls_keyfile()); + const char *certfile = private_path(tmp_ctx, lp_tls_certfile()); + const char *cafile = private_path(tmp_ctx, lp_tls_cafile()); + const char *crlfile = private_path(tmp_ctx, lp_tls_crlfile()); void tls_cert_generate(TALLOC_CTX *, const char *, const char *, const char *); params = talloc(mem_ctx, struct tls_params); - if (params == NULL) return NULL; + if (params == NULL) { + talloc_free(tmp_ctx); + return NULL; + } if (!lp_tls_enabled() || keyfile == NULL || *keyfile == 0) { params->tls_enabled = False; + talloc_free(tmp_ctx); return params; } @@ -371,11 +376,13 @@ struct tls_params *tls_initialise(TALLOC_CTX *mem_ctx) params->tls_enabled = True; + talloc_free(tmp_ctx); return params; init_failed: DEBUG(0,("GNUTLS failed to initialise - %s\n", gnutls_strerror(ret))); params->tls_enabled = False; + talloc_free(tmp_ctx); return params; } @@ -450,6 +457,8 @@ struct tls_context *tls_init_client(struct socket_context *socket, struct tls_context *tls; int ret; const int cert_type_priority[] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; + char *cafile; + tls = talloc(socket, struct tls_context); if (tls == NULL) return NULL; @@ -461,11 +470,16 @@ struct tls_context *tls_init_client(struct socket_context *socket, return tls; } + cafile = private_path(tls, lp_tls_cafile()); + if (!cafile || !*cafile) { + goto failed; + } + gnutls_global_init(); gnutls_certificate_allocate_credentials(&tls->xcred); - gnutls_certificate_set_x509_trust_file(tls->xcred, lp_tls_cafile(), - GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_x509_trust_file(tls->xcred, cafile, GNUTLS_X509_FMT_PEM); + talloc_free(cafile); TLSCHECK(gnutls_init(&tls->session, GNUTLS_CLIENT)); TLSCHECK(gnutls_set_default_priority(tls->session)); gnutls_certificate_type_set_priority(tls->session, cert_type_priority); |